search

NodeSecure / js-x-ray

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
MIT License
229 stars 26 forks source link

Add support for `ImportExpression`. #259

Closed jean-michelet closed 6 months ago

jean-michelet commented 6 months ago

Currently, we do not analyze dynamic imports:

async function loadModule() {
    const myModule = await import('./myModule.js'); // dynamic import
    // code...
}

Should be added to isImportDeclaration probe.

jean-michelet commented 6 months ago

Looking into it next week @fraxken